2021-03-25
|
CVE-2021-3449
|
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default...
|
Multi\-Domain_management_firmware, Quantum_security_gateway_firmware, Quantum_security_management_firmware, Debian_linux, Fedora, Freebsd, Web_gateway, Web_gateway_cloud_service, Active_iq_unified_manager, Cloud_volumes_ontap_mediator, E\-Series_performance_analyzer, Oncommand_insight, Oncommand_workflow_automation, Ontap_select_deploy_administration_utility, Santricity_smi\-S_provider, Snapcenter, Storagegrid, Node\.js, Openssl, Communications_communications_policy_management, Enterprise_manager_for_storage_management, Essbase, Graalvm, Jd_edwards_enterpriseone_tools, Jd_edwards_world_security, Mysql_connectors, Mysql_server, Mysql_workbench, Peoplesoft_enterprise_peopletools, Primavera_unifier, Secure_backup, Secure_global_desktop, Zfs_storage_appliance_kit, Ruggedcom_rcm1224_firmware, Scalance_lpe9403_firmware, Scalance_m\-800_firmware, Scalance_s602_firmware, Scalance_s612_firmware, Scalance_s615_firmware, Scalance_s623_firmware, Scalance_s627\-2m_firmware, Scalance_sc\-600_firmware, Scalance_w1700_firmware, Scalance_w700_firmware, Scalance_xb\-200_firmware, Scalance_xc\-200_firmware, Scalance_xf\-200ba_firmware, Scalance_xm\-400_firmware, Scalance_xp\-200_firmware, Scalance_xr524\-8c_firmware, Scalance_xr526\-8c_firmware, Scalance_xr528\-6m_firmware, Scalance_xr552\-12_firmware, Scalance_xr\-300wg_firmware, Simatic_cloud_connect_7_firmware, Simatic_cp_1242\-7_gprs_v2_firmware, Simatic_hmi_basic_panels_2nd_generation_firmware, Simatic_hmi_comfort_outdoor_panels_firmware, Simatic_hmi_ktp_mobile_panels_firmware, Simatic_logon, Simatic_mv500_firmware, Simatic_net_cp1243\-7_lte_eu_firmware, Simatic_net_cp1243\-7_lte_us_firmware, Simatic_net_cp_1243\-1_firmware, Simatic_net_cp_1243\-8_irc_firmware, Simatic_net_cp_1542sp\-1_irc_firmware, Simatic_net_cp_1543\-1_firmware, Simatic_net_cp_1543sp\-1_firmware, Simatic_net_cp_1545\-1_firmware, Simatic_pcs_7_telecontrol_firmware, Simatic_pcs_neo_firmware, Simatic_pdm_firmware, Simatic_process_historian_opc_ua_server_firmware, Simatic_rf166c_firmware, Simatic_rf185c_firmware, Simatic_rf186c_firmware, Simatic_rf186ci_firmware, Simatic_rf188c_firmware, Simatic_rf188ci_firmware, Simatic_rf360r_firmware, Simatic_s7\-1200_cpu_1211c_firmware, Simatic_s7\-1200_cpu_1212c_firmware, Simatic_s7\-1200_cpu_1212fc_firmware, Simatic_s7\-1200_cpu_1214_fc_firmware, Simatic_s7\-1200_cpu_1214c_firmware, Simatic_s7\-1200_cpu_1215_fc_firmware, Simatic_s7\-1200_cpu_1215c_firmware, Simatic_s7\-1200_cpu_1217c_firmware, Simatic_s7\-1500_cpu_1518\-4_pn\/dp_mfp_firmware, Simatic_wincc_runtime_advanced, Simatic_wincc_telecontrol, Sinamics_connect_300_firmware, Sinec_infrastructure_network_services, Sinec_nms, Sinec_pni, Sinema_server, Sinumerik_opc_ua_server, Tia_administrator, Tim_1531_irc_firmware, Capture_client, Sma100_firmware, Sonicos, Log_correlation_engine, Nessus, Nessus_network_monitor, Tenable\.sc
|
5.9
|
|
|
2021-05-12
|
CVE-2020-28393
|
An unauthenticated remote attacker could create a permanent denial-of-service condition by sending specially crafted OSPF packets. Successful exploitation requires OSPF to be enabled on an affected device on the SCALANCE XM-400, XR-500 (All versions prior to v6.4).
|
Scalance_xm408\-4c_firmware, Scalance_xm408\-4c_l3_firmware, Scalance_xm408\-8c_firmware, Scalance_xm408\-8c_l3_firmware, Scalance_xm416\-4c_firmware, Scalance_xm416\-4c_l3_firmware, Scalance_xm\-400_firmware, Scalance_xr524_firmware, Scalance_xr526_firmware, Scalance_xr528_firmware, Scalance_xr552_firmware
|
7.5
|
|
|
2020-02-11
|
CVE-2019-13946
|
Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit
internal resource allocation when multiple legitimate diagnostic package
requests are sent to the DCE-RPC interface.
This could lead to a denial of service condition due to lack of memory
for devices that include a vulnerable version of the stack.
The security vulnerability could be exploited by an attacker with network
access to an affected device. Successful exploitation requires no system
privileges and no user...
|
Dk_standard_ethernet_controller, Ek\-Ertec_200_firmware, Ek\-Ertec_200p_firmware, Im_154\-3_pn_hf_firmware, Im_154\-4_pn_hf_firmware, Profinet_driver, Ruggedcom_rm1224_firmware, Scalance_m\-800_firmware, Scalance_s615_firmware, Scalance_w700_ieee_802\.11n_firmware, Scalance_x\-200irt_firmware, Scalance_x\-300_firmware, Scalance_x\-400_firmware, Scalance_xb\-200_firmware, Scalance_xc\-200_firmware, Scalance_xf\-200_firmware, Scalance_xf\-200ba_firmware, Scalance_xm\-400_firmware, Scalance_xp\-200_firmware, Scalance_xr524_firmware, Scalance_xr526_firmware, Scalance_xr528_firmware, Scalance_xr552_firmware, Scalance_xr\-300wg_firmware, Simatic_cp_1604_firmware, Simatic_cp_1616_firmware, Simatic_cp_343\-1_advanced_firmware, Simatic_cp_343\-1_erpc_firmware, Simatic_cp_343\-1_firmware, Simatic_cp_343\-1_lean_firmware, Simatic_cp_443\-1_advanced_firmware, Simatic_cp_443\-1_firmware, Simatic_cp_443\-1_opc_ua_firmware, Simatic_et200al_im_157\-1_pn_firmware, Simatic_et200ecopn_firmware, Simatic_et200m_im153\-4_pn_io_hf_firmware, Simatic_et200m_im153\-4_pn_io_st_firmware, Simatic_et200mp_im155\-5_pn_hf_firmware, Simatic_et200mp_im155\-5_pn_st_firmware, Simatic_et200pro_firmware, Simatic_et200s_firmware, Simatic_et200sp_im155\-6_pn_basic_firmware, Simatic_et200sp_im155\-6_pn_hf_firmware, Simatic_et200sp_im155\-6_pn_st_firmware, Simatic_ipc_support, Simatic_mv420_firmware, Simatic_mv440_firmware, Simatic_pn\/pn_coupler_firmware, Simatic_rf180c_firmware, Simatic_rf182c_firmware, Simatic_rf600_firmware, Sinamics_dcp_firmware
|
7.5
|
|
|
2017-12-26
|
CVE-2017-12736
|
A vulnerability has been identified in RUGGEDCOM ROS for RSL910 devices (All versions < ROS V5.0.1), RUGGEDCOM ROS for all other devices (All versions < ROS V4.3.4), SCALANCE XB-200/XC-200/XP-200/XR300-WG (All versions between V3.0 (including) and V3.0.2 (excluding)), SCALANCE XR-500/XM-400 (All versions between V6.1 (including) and V6.1.1 (excluding)). After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to writeto the device under certain conditions,...
|
Ruggedcom_ros, Scalance_xb\-200_firmware, Scalance_xc\-200_firmware, Scalance_xm\-400_firmware, Scalance_xp\-200_firmware, Scalance_xr300\-Wg_firmware, Scalance_xr\-500_firmware
|
8.8
|
|
|